Hackers are using ads on Yahoo's biggest websites to try to infect millions of people's computers with malware

Yahoo CEO Marissa Mayer.
AP
Advertising across Yahoo's biggest websites — Yahoo.com, and its sports, celebrity, finance and games sites — is being exploited by a cybercrime group looking to infect people's computers with malware, according to security company Malwarebytes.

Most malvertising attacks make use of exploit kits in an attempt to redirect victims to a website with malware. Often the site infects a computer with ransomware, which locks a user out of their device unless they pay a fee to the hackers in order to regain access.

The campaign on the Yahoo ad tech and e-planning networks began on July 28 and is still active, according to Malwarebytes. The security company says, in a blog post due to be published later on Monday, that it has made Yahoo aware of the issue.

Here's the scary message Malwarebytes Anti-Exploit users see when they try to click on one of the infected ads:

Malwarebytes

Here's some of the nasty code Malwarebytes discovered on the Yahoo ad network.

Malwarebytes

Yahoo provided Business Insider with this statement after this story was published

Yahoo is committed to ensuring that both our advertisers and users have a safe and reliable experience. As soon as we learned of this issue, our team took action to block this advertiser from our network.

We take all potential security threats seriously. With that said, the scale of the attack was grossly misrepresented in initial media reports and we continue to investigate the issue.

Unfortunately, disruptive ad behavior affects the entire tech industry. Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience. We'll continue to ensure the quality and safety of our ads through our automated testing and through the SafeFrame working group, which seeks to protect consumers and publishers from the potential security risks inherent in the online ad ecosystem.

The code shows that the Yahoo ad network URL leads to Microsoft Azure websites, which have also been affected as part of this attack. Boyd said many of the Azure websites caught up in this attack are likely to have been phished accounts, as opposed to ones set up for the explicit purpose of scamming users. Microsoft Azure websites are aimed at app developers and allow any individual to make a website.

Here's what Malwarebytes discovered across some Microsoft Azure websites.

Malwarebytes

A Microsoft spokesperson provided Business Insider with this statement: "As soon as we were alerted to the malicious site we took immediate steps to shut it down. When we identify misuse of the service that violates the Azure Acceptable Use Policy, such as the distribution of malware, we quickly take action. To report suspected security issues or abuse of Microsoft Online Services, visit https://cert.microsoft.com/."

This means the attack is one of the biggest Malwarebyes says it has ever seen.

Boyd told Business Insider: "While there is no way to know for sure who may have been exposed to the rogue adverts, the sheer numbers thrown at the Yahoo pages could potentially mean high rates of infection. Many Malvertising attacks tend to focus on specific geographical locations depending on ad networks used, but this campaign could have had a huge amount of reach."